Nesting multiple with_items?

Archives Ansible Project
1

So, I want to add two lines to each of two files. Looking to see if lineinfile could add multiple lines, I found a post that seemed to indicate it could not.

  1. Is it possible to make lineinfile add multiple lines?

  2. If not, is there a way to do something like:

  • name: Lock accounts after 3 unsuccessful logon attempts
    lineinfile: dest=/etc/pam.d/{{item1}}-auth-ac
    regexp=‘^auth\ [default=die]\ pam_faillock.so\ authfail\ deny=3\ unlock_time=604800\ fail_interval=900’
    insertafter=‘^auth.pam_unix.so.’ line=‘$item2’
    with_items2:
  • ‘auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900’
  • ‘auth required pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900’
    with_items1:
  • system
  • password
2

Look up “with_nested” for this one.

However ansible is not going to like you adding key=value arguments in recent versions that way. I’d try passing a hash of values instead.

Also seems the $item2 might be from a very old ansible version and you mean “{{item2}}”

Any any case, with_nested should hook you up and let us know if you need more info!

3

Thanks.

I’m not quite sure what you mean by “pass a has of values”… I’m envisioning an md5 or aha checksum, and scratching my head :slight_smile:

And I think that ‘$item2’ came from some example I dug up on the Internet.

I wound up with:

lineinfile: dest=/etc/pam.d/{{ item[0] }}-auth-ac
regexp=‘^auth\ [default=die]\ pam_faillock.so\ authfail\ deny=3\ unlock_time=604800\ fail_interval=900’
insertafter=‘^auth.pam_unix.so.
line={{ line[1] }}
with_nested:

  • [ ‘system’ ‘password’ ]
  • [ ‘auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900’ ‘auth required pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900’ ]

but have little confidence because of your remark :slight_smile: I’ll have to stand up another VM to test this set of recipes.

4

Sorry I was wrong about the key=value stuff as that’s all for your config file, ignore that part.

I would however, change this, which isn’t valid syntax on the first term at least to:

with_nested:

  • [ ‘system’ ‘password’ ]
  • [ ‘auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900’ 'auth required pam_faillock.so authsucc deny=3 unlock_time=604800

with_nested:

  • listone
  • listtwo

to make it a little cleaner, then up in vars, structure like so:

vars:
listone:

  • system
  • password
    listtwo:
  • ‘really long options string one’
  • ‘really long options string two’

And in the task:

{{ item.1 }} and {{ item.2 }} are your variables.

It may also be cleaner to just have two tasks unless you want both settings in both files. I’m not sure.